annotate src/stream/ngx_stream_ssl_preread_module.c @ 6849:01adb18a5d23

Stream ssl_preread: relaxed SSL version check. SSL version 3.0 can be specified by the client at the record level for compatibility reasons. Previously, ssl_preread module rejected such connections, presuming they don't have SNI. Now SSL 3.0 is allowed at the record level.
author Roman Arutyunyan <arut@nginx.com>
date Mon, 19 Dec 2016 14:02:39 +0300
parents 8f75d9883730
children 2a288909abc6
2 /*
3 * Copyright (C) Nginx, Inc.
4 */
7 #include <ngx_config.h>
8 #include <ngx_core.h>
9 #include <ngx_stream.h>
/* Per-server configuration of the ssl_preread module. */
typedef struct {
    /*
     * Value of the "ssl_preread" flag directive; the preread handler
     * declines immediately when it is not set.
     */
    ngx_flag_t enabled;
} ngx_stream_ssl_preread_srv_conf_t;
/*
 * Per-session parser state.  The ClientHello may arrive in several reads
 * and span several TLS records, so everything the parser needs to resume
 * is kept here between calls.
 */
typedef struct {
    size_t left;        /* counter loaded from the 3-byte handshake length
                         * and decremented as bytes are consumed */
    size_t size;        /* bytes still needed for the field being read */
    u_char *pos;        /* resume position in the connection buffer */
    u_char *dst;        /* where consumed bytes are copied to, or NULL
                         * when the current field is skipped */
    /*
     * Scratch space for short fixed-size fields.  Every state visible in
     * this listing that points dst here requests at most 4 bytes; a state
     * that requested more would write past this array, because the copy
     * is bounded by size and not by sizeof(buf).
     * NOTE(review): confirm the same holds for the states outside this
     * view.
     */
    u_char buf[4];
    ngx_str_t host;     /* presumably the extracted SNI host name; its
                         * assignment is outside this view -- TODO confirm */
    ngx_log_t *log;     /* copied from the connection by the handler */
    ngx_pool_t *pool;   /* copied from the connection by the handler */
    ngx_uint_t state;   /* current sw_* state of the record parser */
} ngx_stream_ssl_preread_ctx_t;
/*
 * Forward declarations of the module's file-local functions; several of
 * them are referenced by the static tables below.
 */
static ngx_int_t ngx_stream_ssl_preread_handler(ngx_stream_session_t *s);
static ngx_int_t ngx_stream_ssl_preread_parse_record(
    ngx_stream_ssl_preread_ctx_t *ctx, u_char *pos, u_char *last);
static ngx_int_t ngx_stream_ssl_preread_server_name_variable(
    ngx_stream_session_t *s, ngx_stream_variable_value_t *v, uintptr_t data);
static ngx_int_t ngx_stream_ssl_preread_add_variables(ngx_conf_t *cf);
static void *ngx_stream_ssl_preread_create_srv_conf(ngx_conf_t *cf);
static char *ngx_stream_ssl_preread_merge_srv_conf(ngx_conf_t *cf, void *parent,
    void *child);
static ngx_int_t ngx_stream_ssl_preread_init(ngx_conf_t *cf);
/*
 * Directive table.  "ssl_preread" is a flag directive whose value is
 * stored in the enabled field of the server configuration.  The entries
 * are positional, so their order must follow ngx_command_t.
 */
static ngx_command_t ngx_stream_ssl_preread_commands[] = {

    { ngx_string("ssl_preread"),
      NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG,
      ngx_conf_set_flag_slot,
      NGX_STREAM_SRV_CONF_OFFSET,
      offsetof(ngx_stream_ssl_preread_srv_conf_t, enabled),
      NULL },

      ngx_null_command   /* table terminator */
};
/*
 * Stream module context: configuration-time callbacks.  Only the server
 * level has a configuration structure; the main-level slots are unused.
 */
static ngx_stream_module_t ngx_stream_ssl_preread_module_ctx = {
    ngx_stream_ssl_preread_add_variables,   /* preconfiguration */
    ngx_stream_ssl_preread_init,            /* postconfiguration */

    NULL,                                   /* create main configuration */
    NULL,                                   /* init main configuration */

    ngx_stream_ssl_preread_create_srv_conf, /* create server configuration */
    ngx_stream_ssl_preread_merge_srv_conf   /* merge server configuration */
};
/*
 * Module definition exported to the nginx core.  It ties the context and
 * the directive table together; no process or thread lifecycle hooks are
 * installed.
 */
ngx_module_t ngx_stream_ssl_preread_module = {
    NGX_MODULE_V1,
    &ngx_stream_ssl_preread_module_ctx,     /* module context */
    ngx_stream_ssl_preread_commands,        /* module directives */
    NGX_STREAM_MODULE,                      /* module type */
    NULL,                                   /* init master */
    NULL,                                   /* init module */
    NULL,                                   /* init process */
    NULL,                                   /* init thread */
    NULL,                                   /* exit thread */
    NULL,                                   /* exit process */
    NULL,                                   /* exit master */
    NGX_MODULE_V1_PADDING
};
/*
 * Variables provided by the module.  "ssl_preread_server_name" is
 * evaluated by ngx_stream_ssl_preread_server_name_variable().
 * NOTE(review): the getter is outside this view; if it returns the name
 * taken from the ClientHello, that value is supplied by the client before
 * any handshake has completed and is therefore unauthenticated.  Routing
 * or access decisions keyed on it should treat it as untrusted input.
 */
static ngx_stream_variable_t ngx_stream_ssl_preread_vars[] = {

    { ngx_string("ssl_preread_server_name"), NULL,
      ngx_stream_ssl_preread_server_name_variable, 0, 0, 0 },

    { ngx_null_string, NULL, NULL, 0, 0, 0 }   /* table terminator */
};
/*
 * Preread handler: walks the TLS records buffered on the connection and
 * feeds each complete record to the ClientHello parser.
 *
 * Record header layout as read here (5 bytes):
 *   byte 0     content type, must be 0x16 (handshake)
 *   byte 1     major version, must be 3
 *   byte 2     minor version, not inspected
 *   bytes 3-4  payload length, big-endian
 *
 * Only the major version is compared, so a record-level SSL 3.0 is
 * accepted along with the TLS versions.  This check is a sanity test on
 * the framing, not a protocol-version policy.
 *
 * The length field comes from the peer and can be as large as 65535.  A
 * record is parsed only once all of it is buffered; until then the
 * handler keeps returning NGX_AGAIN.
 * NOTE(review): the bound on how much may be buffered is enforced outside
 * this function -- confirm that a record which never completes is
 * terminated by the caller.
 *
 * Returns NGX_DECLINED when the module is disabled, the connection is not
 * SOCK_STREAM, or the data does not look like a version 3.x handshake
 * record; NGX_AGAIN when more data is needed; NGX_ERROR when the context
 * cannot be allocated; otherwise whatever the record parser returns.
 */
static ngx_int_t
ngx_stream_ssl_preread_handler(ngx_stream_session_t *s)
{
    u_char                             *cur, *end, *payload;
    size_t                              rec_len;
    ngx_int_t                           rc;
    ngx_connection_t                   *c;
    ngx_stream_ssl_preread_ctx_t       *ctx;
    ngx_stream_ssl_preread_srv_conf_t  *sscf;

    c = s->connection;

    ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0, "ssl preread handler");

    sscf = ngx_stream_get_module_srv_conf(s, ngx_stream_ssl_preread_module);

    /* nothing to do when disabled or on a non-stream socket */
    if (!sscf->enabled || c->type != SOCK_STREAM) {
        return NGX_DECLINED;
    }

    /* no data has been buffered yet */
    if (c->buffer == NULL) {
        return NGX_AGAIN;
    }

    ctx = ngx_stream_get_module_ctx(s, ngx_stream_ssl_preread_module);

    if (ctx == NULL) {
        /* first call for this session: create the parser context */
        ctx = ngx_pcalloc(c->pool, sizeof(ngx_stream_ssl_preread_ctx_t));
        if (ctx == NULL) {
            return NGX_ERROR;
        }

        ctx->pos = c->buffer->pos;
        ctx->log = c->log;
        ctx->pool = c->pool;

        ngx_stream_set_ctx(s, ctx, ngx_stream_ssl_preread_module);
    }

    cur = ctx->pos;
    end = c->buffer->last;

    /* a record header is 5 bytes; stop when less than that is left */
    while (end - cur >= 5) {

        if (cur[0] != 0x16) {
            ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0,
                           "ssl preread: not a handshake");
            return NGX_DECLINED;
        }

        if (cur[1] != 3) {
            ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0,
                           "ssl preread: unsupported SSL version");
            return NGX_DECLINED;
        }

        rec_len = (cur[3] << 8) | cur[4];

        /* the whole record must be buffered before it is parsed */
        if ((size_t) (end - cur) < rec_len + 5) {
            break;
        }

        payload = cur + 5;

        rc = ngx_stream_ssl_preread_parse_record(ctx, payload,
                                                 payload + rec_len);
        if (rc != NGX_AGAIN) {
            return rc;
        }

        /* the ClientHello continues in the next record */
        cur = payload + rec_len;
    }

    /* remember where to resume once more data has arrived */
    ctx->pos = cur;

    return NGX_AGAIN;
}
174 static ngx_int_t
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
175 ngx_stream_ssl_preread_parse_record(ngx_stream_ssl_preread_ctx_t *ctx,
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
176 u_char *pos, u_char *last)
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
177 {
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
178 size_t left, n, size;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
179 u_char *dst, *p;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
180
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
181 enum {
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
182 sw_start = 0,
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
183 sw_header, /* handshake msg_type, length */
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
184 sw_head_tail, /* version, random */
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
185 sw_sid_len, /* session_id length */
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
186 sw_sid, /* session_id */
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
187 sw_cs_len, /* cipher_suites length */
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
188 sw_cs, /* cipher_suites */
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
189 sw_cm_len, /* compression_methods length */
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
190 sw_cm, /* compression_methods */
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
191 sw_ext, /* extension */
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
192 sw_ext_header, /* extension_type, extension_data length */
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
193 sw_sni_len, /* SNI length */
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
194 sw_sni_host_head, /* SNI name_type, host_name length */
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
195 sw_sni_host /* SNI host_name */
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
196 } state;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
197
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
198 ngx_log_debug2(NGX_LOG_DEBUG_STREAM, ctx->log, 0,
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
199 "ssl preread: state %ui left %z", ctx->state, ctx->left);
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
200
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
201 state = ctx->state;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
202 size = ctx->size;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
203 left = ctx->left;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
204 dst = ctx->dst;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
205 p = ctx->buf;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
206
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
207 for ( ;; ) {
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
208 n = ngx_min((size_t) (last - pos), size);
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
209
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
210 if (dst) {
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
211 dst = ngx_cpymem(dst, pos, n);
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
212 }
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
213
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
214 pos += n;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
215 size -= n;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
216 left -= n;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
217
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
218 if (size != 0) {
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
219 break;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
220 }
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
221
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
222 switch (state) {
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
223
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
224 case sw_start:
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
225 state = sw_header;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
226 dst = p;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
227 size = 4;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
228 left = size;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
229 break;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
230
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
231 case sw_header:
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
232 if (p[0] != 1) {
6696
e83540f825cd Stream ssl_preread: removed internal macro.
Vladimir Homutov <vl@nginx.com>
parents: 6695
diff changeset
233 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0,
e83540f825cd Stream ssl_preread: removed internal macro.
Vladimir Homutov <vl@nginx.com>
parents: 6695
diff changeset
234 "ssl preread: not a client hello");
6695
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
235 return NGX_DECLINED;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
236 }
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
237
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
238 state = sw_head_tail;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
239 dst = NULL;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
240 size = 34;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
241 left = (p[1] << 16) + (p[2] << 8) + p[3];
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
242 break;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
243
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
244 case sw_head_tail:
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
245 state = sw_sid_len;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
246 dst = p;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
247 size = 1;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
248 break;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
249
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
250 case sw_sid_len:
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
251 state = sw_sid;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
252 dst = NULL;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
253 size = p[0];
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
254 break;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
255
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
256 case sw_sid:
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
257 state = sw_cs_len;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
258 dst = p;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
259 size = 2;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
260 break;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
261
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
262 case sw_cs_len:
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
263 state = sw_cs;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
264 dst = NULL;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
265 size = (p[0] << 8) + p[1];
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
266 break;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
267
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
268 case sw_cs:
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
269 state = sw_cm_len;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
270 dst = p;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
271 size = 1;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
272 break;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
273
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
274 case sw_cm_len:
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
275 state = sw_cm;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
276 dst = NULL;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
277 size = p[0];
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
278 break;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
279
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
280 case sw_cm:
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
281 if (left == 0) {
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
282 /* no extensions */
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
283 return NGX_OK;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
284 }
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
285
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
286 state = sw_ext;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
287 dst = p;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
288 size = 2;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
289 break;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
290
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
291 case sw_ext:
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
292 if (left == 0) {
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
293 return NGX_OK;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
294 }
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
295
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
296 state = sw_ext_header;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
297 dst = p;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
298 size = 4;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
299 break;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
300
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
301 case sw_ext_header:
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
302 if (p[0] == 0 && p[1] == 0) {
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
303 /* SNI extension */
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
304 state = sw_sni_len;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
305 dst = NULL;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
306 size = 2;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
307 break;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
308 }
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
309
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
310 state = sw_ext;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
311 dst = NULL;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
312 size = (p[2] << 8) + p[3];
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
313 break;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
314
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
315 case sw_sni_len:
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
316 state = sw_sni_host_head;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
317 dst = p;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
318 size = 3;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
319 break;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
320
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
321 case sw_sni_host_head:
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
322 if (p[0] != 0) {
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
323 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0,
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
324 "ssl preread: SNI hostname type is not DNS");
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
325 return NGX_DECLINED;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
326 }
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
327
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
328 state = sw_sni_host;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
329 size = (p[1] << 8) + p[2];
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
330
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
331 ctx->host.data = ngx_pnalloc(ctx->pool, size);
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
332 if (ctx->host.data == NULL) {
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
333 return NGX_ERROR;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
334 }
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
335
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
336 dst = ctx->host.data;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
337 break;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
338
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
339 case sw_sni_host:
6728
8f75d9883730 Stream ssl_preread: fixed $ssl_preread_server_name variable.
Sergey Kandaurov <pluknet@nginx.com>
parents: 6696
diff changeset
340 ctx->host.len = (p[1] << 8) + p[2];
8f75d9883730 Stream ssl_preread: fixed $ssl_preread_server_name variable.
Sergey Kandaurov <pluknet@nginx.com>
parents: 6696
diff changeset
341
6695
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
342 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, ctx->log, 0,
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
343 "ssl preread: SNI hostname \"%V\"", &ctx->host);
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
344 return NGX_OK;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
345 }
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
346
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
347 if (left < size) {
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
348 ngx_log_debug0(NGX_LOG_DEBUG_STREAM, ctx->log, 0,
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
349 "ssl preread: failed to parse handshake");
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
350 return NGX_DECLINED;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
351 }
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
352 }
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
353
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
354 ctx->state = state;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
355 ctx->size = size;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
356 ctx->left = left;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
357 ctx->dst = dst;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
358
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
359 return NGX_AGAIN;
060d71292b69 Stream: ssl_preread module.
Vladimir Homutov <vl@nginx.com>
parents:
diff changeset
360 }
/*
 * Variable get handler that reports the server name captured from the
 * ClientHello.
 *
 * s     stream session whose ssl_preread module context is consulted
 * v     variable value to fill in
 * data  unused by this handler
 *
 * Always returns NGX_OK.  When the session has no module context the value
 * is marked not_found; otherwise it is marked valid and cacheable and points
 * at ctx->host.
 *
 * Security note: ctx->host is filled by the handshake parser from the SNI
 * extension of a ClientHello, i.e. from bytes an unauthenticated client
 * chose.  This handler performs no validation of its own, so configuration
 * that uses the value for routing decisions or writes it to logs should
 * treat it as untrusted client input.
 */
static ngx_int_t
ngx_stream_ssl_preread_server_name_variable(ngx_stream_session_t *s,
    ngx_variable_value_t *v, uintptr_t data)
{
    ngx_stream_ssl_preread_ctx_t  *preread;

    preread = ngx_stream_get_module_ctx(s, ngx_stream_ssl_preread_module);

    if (preread != NULL) {
        /* hand out the parser's buffer as is; nothing is copied here */
        v->data = preread->host.data;
        v->len = preread->host.len;

        v->not_found = 0;
        v->no_cacheable = 0;
        v->valid = 1;

        return NGX_OK;
    }

    /* no module context was attached to this session */
    v->not_found = 1;

    return NGX_OK;
}
/*
 * Registers every entry of ngx_stream_ssl_preread_vars with the stream
 * variable subsystem.
 *
 * The table is walked until an entry with an empty name is reached.  For each
 * entry a variable is added under the entry's name and flags, and the
 * entry's get_handler and data are copied onto the registered variable.
 *
 * Returns NGX_OK on success, or NGX_ERROR as soon as
 * ngx_stream_add_variable() fails.
 */
static ngx_int_t
ngx_stream_ssl_preread_add_variables(ngx_conf_t *cf)
{
    ngx_stream_variable_t  *tmpl, *added;

    tmpl = ngx_stream_ssl_preread_vars;

    while (tmpl->name.len != 0) {

        added = ngx_stream_add_variable(cf, &tmpl->name, tmpl->flags);
        if (added == NULL) {
            return NGX_ERROR;
        }

        added->get_handler = tmpl->get_handler;
        added->data = tmpl->data;

        tmpl++;
    }

    return NGX_OK;
}
/*
 * Allocates the per-server configuration of the ssl_preread module from the
 * configuration pool.
 *
 * The structure is zero-filled by ngx_pcalloc(); "enabled" is then set to
 * NGX_CONF_UNSET so that the merge step can tell "not configured" apart from
 * an explicit value.
 *
 * Returns the new configuration, or NULL if the allocation fails.
 */
static void *
ngx_stream_ssl_preread_create_srv_conf(ngx_conf_t *cf)
{
    ngx_stream_ssl_preread_srv_conf_t  *sscf;

    sscf = ngx_pcalloc(cf->pool, sizeof(*sscf));

    if (sscf != NULL) {
        sscf->enabled = NGX_CONF_UNSET;
    }

    return sscf;
}
/*
 * Merges the ssl_preread server configuration of an enclosing level
 * (parent) into the current one (child).
 *
 * If "enabled" was not set at this level it is taken from the parent, and
 * if the parent did not set it either it falls back to 0, so preread is off
 * unless the configuration turns it on.
 *
 * Always returns NGX_CONF_OK.
 */
static char *
ngx_stream_ssl_preread_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
{
    ngx_stream_ssl_preread_srv_conf_t  *outer, *inner;

    outer = parent;
    inner = child;

    ngx_conf_merge_value(inner->enabled, outer->enabled, 0);

    return NGX_CONF_OK;
}
/*
 * Hooks the module into stream processing by appending
 * ngx_stream_ssl_preread_handler to the handler array of
 * NGX_STREAM_PREREAD_PHASE in the stream core main configuration.
 *
 * The handler is registered regardless of any per-server setting; whether
 * it acts on a given connection is decided by the handler itself, which is
 * defined elsewhere in the file.
 *
 * Returns NGX_OK on success, or NGX_ERROR if the array cannot be extended.
 */
static ngx_int_t
ngx_stream_ssl_preread_init(ngx_conf_t *cf)
{
    ngx_stream_handler_pt        *slot;
    ngx_stream_core_main_conf_t  *core;

    core = ngx_stream_conf_get_module_main_conf(cf, ngx_stream_core_module);

    slot = ngx_array_push(&core->phases[NGX_STREAM_PREREAD_PHASE].handlers);

    if (slot != NULL) {
        *slot = ngx_stream_ssl_preread_handler;
        return NGX_OK;
    }

    return NGX_ERROR;
}